01489: Crash in PageVar function if $FmtPV[$var] yields empty string

Summary: Crash in PageVar function if $FmtPV[$var] yields empty string
Created: 2023-03-22 10:34
Status: Closed, fixed for 2.3.22
Category: Bug
From: tictactux
Assigned:
Priority: 3
Version: 2.3.21
OS: builtin Server in php 8.1

Description: Scenario: custom-built form in pmwiki.

If for some reason, $FmtPV[$var] results in a zero length string rather than an empty literal string ('""'), php crashes with

 Parse error: syntax error, unexpected token "return" in /data/html/pmwiki-2.3.21/pmwiki.php on line 1324

because the code tries to do eval("return ();") rather than eval("return ('');")

In eg 2.3.18, the line reads

 if (@$FmtPV[$var]) return eval("return ({$FmtPV[$var]});");

This "if" statement yields "False" on both an empty string and an unset variable.

In 2.3.21, the same line reads

 if (isset($FmtPV[$var])) return eval("return ({$FmtPV[$var]});");

This "if" statement yields "True" even if the variable is empty.

Solution: either revert to the 2.3.18 way, or add a 2nd condition like

 if (isset($FmtPV[$var]) && $FmtPV[$var]) return eval("return ({$FmtPV[$var]});");

Many production webservers will not display PHP errors or warnings but just bomb with a 500 error. I know the basic culprit is a badly designed form (user programmer's error). Still, pmwiki should not be tricked into generating syntax errors.

Best, Ben tictactux

Thanks for this report, fixed for 2.3.22. Since $FmtPV[$var] can also be 0 / zero, I have chosen the following. --Petko

if (isset($FmtPV[$var]) && strval($FmtPV[$var])>'') 
  return eval("return ({$FmtPV[$var]});");